This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/internal/outpost/proxyv2/application/session.go
Jens Langhammer 3c048a1921 outposts/proxy: fix session not expiring correctly due to miscalculation
closes #1976

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-21 13:10:57 +01:00

56 lines
1.8 KiB
Go

package application
import (
"fmt"
"math"
"os"
"strconv"
"github.com/gorilla/sessions"
"goauthentik.io/api"
"goauthentik.io/internal/config"
"gopkg.in/boj/redistore.v1"
)
func (a *Application) getStore(p api.ProxyOutpostConfig) sessions.Store {
var store sessions.Store
if config.G.Redis.Host != "" {
rs, err := redistore.NewRediStoreWithDB(10, "tcp", fmt.Sprintf("%s:%d", config.G.Redis.Host, config.G.Redis.Port), config.G.Redis.Password, strconv.Itoa(config.G.Redis.OutpostSessionDB), []byte(*p.CookieSecret))
if err != nil {
panic(err)
}
rs.SetMaxLength(math.MaxInt)
if p.TokenValidity.IsSet() {
t := p.TokenValidity.Get()
// Add one to the validity to ensure we don't have a session with indefinite length
rs.SetMaxAge(int(*t) + 1)
} else {
rs.SetMaxAge(0)
}
rs.Options.Domain = *p.CookieDomain
a.log.Info("using redis session backend")
store = rs
} else {
dir := os.TempDir()
cs := sessions.NewFilesystemStore(dir, []byte(*p.CookieSecret))
// https://github.com/markbates/goth/commit/7276be0fdf719ddff753f3574ef0f967e4a5a5f7
// set the maxLength of the cookies stored on the disk to a larger number to prevent issues with:
// securecookie: the value is too long
// when using OpenID Connect , since this can contain a large amount of extra information in the id_token
// Note, when using the FilesystemStore only the session.ID is written to a browser cookie, so this is explicit for the storage on disk
cs.MaxLength(math.MaxInt)
if p.TokenValidity.IsSet() {
t := p.TokenValidity.Get()
// Add one to the validity to ensure we don't have a session with indefinite length
cs.MaxAge(int(*t) + 1)
} else {
cs.MaxAge(0)
}
cs.Options.Domain = *p.CookieDomain
a.log.WithField("dir", dir).Info("using filesystem session backend")
store = cs
}
return store
}